ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-11-15 17:56:14 +05:30
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' into feature/clients

Browse Source
This commit is contained in:
Alex Bilbie 2012-09-19 23:29:40 +01:00
commit 6d1702a15d
9 changed files with 75 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitattributes vendored Normal file
View File

@ -0,0 +1,4 @@
tests/ export-ignore
phpunit.xml export-ignore
build.xml export-ignore
test export-ignore

4
README.md
View File

@ -38,6 +38,10 @@ The resource server allows you to secure your API endpoints by checking for a va
* Support for [JSON web tokens](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-json-web-token/). * Support for [JSON web tokens](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-json-web-token/).
* Support for [SAML assertions](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-saml2-bearer/). * Support for [SAML assertions](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-saml2-bearer/).
### Client support
* Merge in https://github.com/philsturgeon/codeigniter-oauth2
--- ---
This code will be developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which has been funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme. This code will be developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which has been funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.

6
composer.json
View File

@ -1,14 +1,14 @@
{ {
"name": "lncd/Oauth2", "name": "lncd/Oauth2",
"description": "OAuth 2.0 Framework", "description": "OAuth 2.0 Framework",
"version": "0.2.1", "version": "0.2.3",
"homepage": "https://github.com/lncd/OAuth2", "homepage": "https://github.com/lncd/OAuth2",
"license": "MIT", "license": "MIT",
"require": { "require": {
"php": ">=5.3.0" "php": ">=5.3.0"
}, },
"require-dev": { "require-dev": {
"EHER/PHPUnit": "*" "phpunit/phpunit": "*"
}, },
"repositories": [ "repositories": [
{ {
@ -27,7 +27,7 @@
"authors": [ "authors": [
{ {
"name": "Alex Bilbie", "name": "Alex Bilbie",
"email": "oauth2server@alexbilbie.com", "email": "oauth2@alexbilbie.com",
"homepage": "http://www.httpster.org", "homepage": "http://www.httpster.org",
"role": "Developer" "role": "Developer"
} }

0
src/sql/database.sql → sql/database.sql
View File

0
src/sql/index.html → sql/index.html
View File

42
src/Oauth2/Authentication/Server.php
View File

@ -2,17 +2,17 @@
namespace Oauth2\Authentication; namespace Oauth2\Authentication;
class OAuthServerClientException extends \Exception class ClientException extends \Exception
{ {
} }
class OAuthServerUserException extends \Exception class UserException extends \Exception
{ {
} }
class OAuthServerException extends \Exception class ServerException extends \Exception
{ {
} }
@ -127,7 +127,7 @@ class Server
// Client ID // Client ID
if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) { if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) {
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0); throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
} else { } else {
@ -138,7 +138,7 @@ class Server
// Redirect URI // Redirect URI
if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri'])) { if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri'])) {
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0); throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
} else { } else {
@ -151,13 +151,13 @@ class Server
if ($clientDetails === false) { if ($clientDetails === false) {
throw new OAuthServerClientException($this->errors['invalid_client'], 8); throw new ClientException($this->errors['invalid_client'], 8);
} }
// Response type // Response type
if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type'])) { if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type'])) {
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0); throw new ClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0);
} else { } else {
@ -166,7 +166,7 @@ class Server
// Ensure response type is one that is recognised // Ensure response type is one that is recognised
if ( ! in_array($params['response_type'], $this->_responseTypes)) { if ( ! in_array($params['response_type'], $this->_responseTypes)) {
throw new OAuthServerClientException($this->errors['unsupported_response_type'], 3); throw new ClientException($this->errors['unsupported_response_type'], 3);
} }
} }
@ -189,7 +189,7 @@ class Server
if (count($scopes) === 0) { if (count($scopes) === 0) {
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'scope'), 0); throw new ClientException(sprintf($this->errors['invalid_request'], 'scope'), 0);
} }
$params['scopes'] = array(); $params['scopes'] = array();
@ -200,7 +200,7 @@ class Server
if ($scopeDetails === false) { if ($scopeDetails === false) {
throw new OAuthServerClientException(sprintf($this->errors['invalid_scope'], $scope), 4); throw new ClientException(sprintf($this->errors['invalid_scope'], $scope), 4);
} }
@ -325,7 +325,7 @@ class Server
if ( ! isset($authParams['grant_type']) && ! isset($_POST['grant_type'])) { if ( ! isset($authParams['grant_type']) && ! isset($_POST['grant_type'])) {
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0); throw new ClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);
} else { } else {
@ -334,7 +334,7 @@ class Server
// Ensure grant type is one that is recognised // Ensure grant type is one that is recognised
if ( ! in_array($params['grant_type'], $this->_grantTypes)) { if ( ! in_array($params['grant_type'], $this->_grantTypes)) {
throw new OAuthServerClientException($this->errors['unsupported_grant_type'], 7); throw new ClientException($this->errors['unsupported_grant_type'], 7);
} }
} }
@ -350,7 +350,7 @@ class Server
case 'password': // Resource owner password credentials grant case 'password': // Resource owner password credentials grant
case 'client_credentials': // Client credentials grant case 'client_credentials': // Client credentials grant
default: // Unsupported default: // Unsupported
throw new OAuthServerException($this->errors['server_error'] . 'Tried to process an unsuppported grant type.', 5); throw new ServerException($this->errors['server_error'] . 'Tried to process an unsuppported grant type.', 5);
break; break;
} }
} }
@ -370,7 +370,7 @@ class Server
// Client ID // Client ID
if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) { if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) {
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0); throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
} else { } else {
@ -381,7 +381,7 @@ class Server
// Client secret // Client secret
if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) { if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) {
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0); throw new ClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
} else { } else {
@ -392,7 +392,7 @@ class Server
// Redirect URI // Redirect URI
if ( ! isset($authParams['redirect_uri']) && ! isset($_POST['redirect_uri'])) { if ( ! isset($authParams['redirect_uri']) && ! isset($_POST['redirect_uri'])) {
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0); throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
} else { } else {
@ -409,13 +409,13 @@ class Server
if ($clientDetails === false) { if ($clientDetails === false) {
throw new OAuthServerClientException($this->errors['invalid_client'], 8); throw new ClientException($this->errors['invalid_client'], 8);
} }
// The authorization code // The authorization code
if ( ! isset($authParams['code']) && ! isset($_POST['code'])) { if ( ! isset($authParams['code']) && ! isset($_POST['code'])) {
throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'code'), 0); throw new ClientException(sprintf($this->errors['invalid_request'], 'code'), 0);
} else { } else {
@ -433,7 +433,7 @@ class Server
if ( ! $session) { if ( ! $session) {
throw new OAuthServerClientException(sprintf($this->errors['invalid_grant'], 'code'), 9); throw new ClientException(sprintf($this->errors['invalid_grant'], 'code'), 9);
} else { } else {
@ -500,11 +500,11 @@ class Server
private function _dbCall() private function _dbCall()
{ {
if ($this->_db === null) { if ($this->_db === null) {
throw new OAuthServerException('No registered database abstractor'); throw new ServerException('No registered database abstractor');
} }
if ( ! $this->_db instanceof Database) { if ( ! $this->_db instanceof Database) {
throw new OAuthServerException('Registered database abstractor is not an instance of Oauth2\Authentication\Database'); throw new ServerException('Registered database abstractor is not an instance of Oauth2\Authentication\Database');
} }
$args = func_get_args(); $args = func_get_args();

33
src/Oauth2/Resource/Server.php
View File

@ -2,7 +2,12 @@
namespace Oauth2\Resource; namespace Oauth2\Resource;
class OAuthResourceServerException extends \Exception class ServerException extends \Exception
{
}
class ClientException extends \Exception
{ {
} }
@ -56,7 +61,9 @@ class Server
*/ */
public $errors = array( public $errors = array(
'missing_access_token' => 'An access token was not presented with the request', 'missing_access_token' => 'An access token was not presented with the request',
'invalid_access_token' => 'The access token is not registered with the resource server' 'invalid_access_token' => 'The access token is not registered with the resource server',
'missing_access_token_details' => 'The registered database abstractor did not return a valid access token details response',
'invalid_access_token_scopes' => 'The registered database abstractor did not return a valid access token scopes response',
); );
/** /**
@ -150,21 +157,33 @@ class Server
if ($result === false) { if ($result === false) {
throw new OAuthResourceServerException($this->errors['invalid_access_token']); throw new ClientException($this->errors['invalid_access_token']);
} else { } else {
if ( ! array_key_exists('id', $result) || ! array_key_exists('owner_id', $result) ||
! array_key_exists('owner_type', $result)) {
throw new ServerException($this->errors['missing_access_token_details']);
}
$this->_accessToken = $accessToken; $this->_accessToken = $accessToken;
$this->_type = $result['owner_type']; $this->_type = $result['owner_type'];
$this->_typeId = $result['owner_id']; $this->_typeId = $result['owner_id'];
// Get the scopes // Get the scopes
$this->_scopes = $this->_dbCall('sessionScopes', $result['id']); $scopes = $this->_dbCall('sessionScopes', $result['id']);
if ( ! is_array($scopes))
{
throw new ServerException($this->errors['invalid_access_token_scopes']);
}
$this->_scopes = $scopes;
} }
} else { } else {
throw new OAuthResourceServerException($this->errors['missing_access_token']); throw new ClientException($this->errors['missing_access_token']);
} }
} }
@ -211,11 +230,11 @@ class Server
private function _dbCall() private function _dbCall()
{ {
if ($this->_db === null) { if ($this->_db === null) {
throw new OAuthResourceServerException('No registered database abstractor'); throw new ServerException('No registered database abstractor');
} }
if ( ! $this->_db instanceof Database) { if ( ! $this->_db instanceof Database) {
throw new OAuthResourceServerException('Registered database abstractor is not an instance of Oauth2\Resource\Database'); throw new ServerException('The registered database abstractor is not an instance of Oauth2\Resource\Database');
} }
$args = func_get_args(); $args = func_get_args();

30
tests/authentication/server_test.php
View File

@ -90,7 +90,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerClientException * @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 0 * @expectedExceptionCode 0
*/ */
function test_checkClientAuthoriseParams_missingClientId() function test_checkClientAuthoriseParams_missingClientId()
@ -99,7 +99,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerClientException * @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 0 * @expectedExceptionCode 0
*/ */
function test_checkClientAuthoriseParams_missingRedirectUri() function test_checkClientAuthoriseParams_missingRedirectUri()
@ -110,7 +110,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerClientException * @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 0 * @expectedExceptionCode 0
*/ */
function test_checkClientAuthoriseParams_missingResponseType() function test_checkClientAuthoriseParams_missingResponseType()
@ -122,7 +122,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerClientException * @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 0 * @expectedExceptionCode 0
*/ */
function test_checkClientAuthoriseParams_missingScopes() function test_checkClientAuthoriseParams_missingScopes()
@ -136,7 +136,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerClientException * @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 4 * @expectedExceptionCode 4
*/ */
function test_checkClientAuthoriseParams_invalidScopes() function test_checkClientAuthoriseParams_invalidScopes()
@ -247,7 +247,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerClientException * @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 0 * @expectedExceptionCode 0
*/ */
function test_issueAccessToken_missingGrantType() function test_issueAccessToken_missingGrantType()
@ -256,7 +256,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerClientException * @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 7 * @expectedExceptionCode 7
*/ */
function test_issueAccessToken_unsupportedGrantType() function test_issueAccessToken_unsupportedGrantType()
@ -267,7 +267,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerClientException * @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 0 * @expectedExceptionCode 0
*/ */
function test_completeAuthCodeGrant_missingClientId() function test_completeAuthCodeGrant_missingClientId()
@ -280,7 +280,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerClientException * @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 0 * @expectedExceptionCode 0
*/ */
function test_completeAuthCodeGrant_missingClientSecret() function test_completeAuthCodeGrant_missingClientSecret()
@ -295,7 +295,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerClientException * @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 0 * @expectedExceptionCode 0
*/ */
function test_completeAuthCodeGrant_missingRedirectUri() function test_completeAuthCodeGrant_missingRedirectUri()
@ -311,7 +311,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerClientException * @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 8 * @expectedExceptionCode 8
*/ */
function test_completeAuthCodeGrant_invalidClient() function test_completeAuthCodeGrant_invalidClient()
@ -328,7 +328,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerClientException * @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 0 * @expectedExceptionCode 0
*/ */
function test_completeAuthCodeGrant_missingCode() function test_completeAuthCodeGrant_missingCode()
@ -345,7 +345,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerClientException * @expectedException Oauth2\Authentication\ClientException
* @expectedExceptionCode 9 * @expectedExceptionCode 9
*/ */
function test_completeAuthCodeGrant_invalidCode() function test_completeAuthCodeGrant_invalidCode()
@ -363,7 +363,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerException * @expectedException Oauth2\Authentication\ServerException
* @expectedExceptionMessage No registered database abstractor * @expectedExceptionMessage No registered database abstractor
*/ */
function test_noRegisteredDatabaseAbstractor() function test_noRegisteredDatabaseAbstractor()
@ -380,7 +380,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException Oauth2\Authentication\OAuthServerException * @expectedException Oauth2\Authentication\ServerException
* @expectedExceptionMessage Registered database abstractor is not an instance of Oauth2\Authentication\Database * @expectedExceptionMessage Registered database abstractor is not an instance of Oauth2\Authentication\Database
*/ */
function test_invalidRegisteredDatabaseAbstractor() function test_invalidRegisteredDatabaseAbstractor()

4
tests/resource/server_test.php
View File

@ -72,7 +72,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException \Oauth2\Resource\OAuthResourceServerException * @expectedException \Oauth2\Resource\ClientException
* @expectedExceptionMessage An access token was not presented with the request * @expectedExceptionMessage An access token was not presented with the request
*/ */
function test_init_missingToken() function test_init_missingToken()
@ -81,7 +81,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase {
} }
/** /**
* @expectedException \Oauth2\Resource\OAuthResourceServerException * @expectedException \Oauth2\Resource\ClientException
* @expectedExceptionMessage The access token is not registered with the resource server * @expectedExceptionMessage The access token is not registered with the resource server
*/ */
function test_init_wrongToken() function test_init_wrongToken()